Hijacking system("/bin/sh") to run arbitrary commands

c linux shell
10,731

If you execute

system("/bin/bash");

the shell enters into interactive mode. It reads commands from standard input and writes answers to standard output. The standard input and output is inherited from the calling (your) program. Your program will wait until the shell finishes (i.e. until you enter the command exit or you type ^D at the beginning of line). The shell will run with the same privileges as the calling program.

Share:
10,731
user3312767
Author by

user3312767

Updated on June 04, 2022

Comments

  • user3312767
    user3312767 almost 2 years

    I'm trying to perform a privilege escalation attack using a binary which performs the call:

    system("/bin/sh");

    Is there a way to pass commands as "arguments" or such with the opened shell? (I don't see it opening, I guess it runs and dies as soon as it has nothing to do which is immediately).

    Edit: I Cannot edit the code. It's compiled already.

  • Charles Duffy
    Charles Duffy about 7 years
    If the OP had an interactive TTY (and it were passed through on stdin), then the shell wouldn't be "immediately" exiting as they describe.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to implement your own cd command in your own shell
Shell program with pipes in C
how to store results of ./a.out to a text file
Is it possible to define a variable as static in shell bash function like C?
Difference between stdout and /dev/stdout
Syntax error: "(" unexpected when execute a compiled c program
Changing a user's default shell
Using the exec() family to run the "cd" command
How to get the status of command run by system()
exec() any command in C